CVE-2024-8523

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2024-27476

MEDIUM
CVSS:4.7(Medium)

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.

CWE-942024

CVE-2023-44853

MEDIUM
CVSS:4.8(Medium)

\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file.

CWE-942023

CVE-2024-37773

MEDIUM
CVSS:4.8(Medium)

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.

CWE-942024

CVE-2023-2943

MEDIUM
CVSS:4.6(Medium)

Code Injection in GitHub repository openemr/openemr prior to 7.0.1.

CWE-942023

CVE-2005-1876

MEDIUM
CVSS:4.5(Medium)

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a templ...

CWE-942005

CVE-2016-7787

MEDIUM
CVSS:4.9(Medium)

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

CWE-942016